Security Alert

April 24, 2018 Phishing Attempt

Tuesday, April 24, 2018, many UA employees received a phishing email with the subject title “Della Lorenzen sent you “file 3231””

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

Phishing Attempt

April 23, 2018 Phishing Attempt

Monday, April 23, 2018, many UA employees received a phishing email with the subject title “Microsoft: Action Required”

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

Phishing attempt

Avoid Tax Identity Fraud

Tax season is upon us. February, March and April serve as the prime time for tax scammers to act as the IRS or other reputable institutions to attempt to steal your sensitive data.

The Associated Press reports that in the past five years there has been a 400 percent rise in tax scams. Since 2013, the IRS has seen over 5,000 victims pay over $26.5 million as a result of a scam.

Tax scams can originate over the phone or email. Scammers use technology to disguise a call using your local area code, so it’s not just 1-800 numbers anymore. Hackers may use urgent or threatening language such as “late payment” or “everything under your name will be seized unless you pay.”

If you receive a call like this, hang up. Do not trust the caller ID. If you have questions about a call, and believe that it might be real, call the IRS directly to confirm. Hackers communicate via email, but the IRS does not. The IRS only sends postal mail. Hackers regularly pose as the IRS or DocuSign to attempt to get users to click on a link in an email to provide sensitive data. Do not ever submit personal information via email, and if you do receive an email like this, delete it.

If you do provide sensitive information over the phone or through email, please contact your local authorities. The IRS works aggressively to prevent and detect tax-related identity theft. Visit irs.gov for more information. OIT also warns UA employees of known phishing attempts. Always check oit.ua.edu/news for updates and phishing attempt alerts.

Feb. 10 Phishing Attempt

Saturday, Feb. 10, 2018, many UA employees received a phishing email with the subject title “UA” “Help Desk” “IT Help Desk” or “IT”

These emails are phishing attempts designed to steal credentials such as myBama usernames or passwords.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

Feb. 10 screenshot

Jan. 30, 2018 Student Phishing Attempt

Tuesday, Jan. 30, 2018, many UA students received a phishing email with the subject title “STUDENT PART-TIME WORK”

This is a phishing attempt designed to obtain sensitive financial data by attracting students with the prospect of a part time job. If you haven’t already, please delete the email.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu. Below is a screenshot of the phishing email.

Phishing Attempt Screenshot

Keep Your DUO App Up to Date

Beginning April 1, 2018, DUO will no longer provide support for DUO mobile applications iOS 9 and Android 5. Both of these older OS versions are officially unsupported by Apple and Google. Devices using these older app versions will still continue to function, DUO will just no longer provide customer support for them. OIT encourages users to always update your app and OS to the newest available version to ensure you have the most secure and reliable version available.

Beware of the Modern Holiday Grinch – the Phish

In 1957 Dr. Seuss wrote of a villain who stole holiday boxes and packages, but today villains are out for more than precious gifts and who-pudding. Cyber hackers take advantage of holiday shoppers and see the holiday season as an ideal time to steal credit card information and sensitive data. This holiday season, follow these tips from The Office of Information Technology to keep your information safe online.

Holiday Cyber Tips

Shopping Tips

Use credit cards rather than debit cards when shopping online. If your information is compromised, a credit card company may be quicker to refund your credit than a bank would be to issue a refund from your checking account.

When you’re shopping online, make sure you are shopping on a secure site. The URL should include “https.” The “s” stands for secure. It should also have a lock icon in the URL bar.

Use a personal email for shopping online. Use your Gmail, Yahoo or other personal account for your online shopping. Do not open up your ua.edu or crimson.ua.edu account to unnecessary threats.

If your bank or credit card company offers two-factor authentication, like DUO, use it! Many online banking sites offer two-factor verification. Bank of America, Capital One, Chase, Discover, Wells Fargo all offer two-factor. Check your bank’s website to learn more.

Keep an Eye Out for Phishy Emails

Check the from email address. If you receive a purchase confirmation or tracking number via email, it should have the company’s name in the “from” email address. For example, if you receive an email from UPS alerting you that your package has shipped, it should come from ups.com.

Hover before you click. When you do get a confirmation or tracking email, hover over a link before clicking it. This will show you where a link is taking you before you go. This also works on your phone or tablet – just hold your thumb on the link and a bubble will appear with the URL.

Add DUO to a New Device

If you made the nice list, and receive a new smartphone or tablet over the holiday break, be sure to add the device to your DUO account to enable it for two-factor authentication. Step-by-step instructions are available at https://oit.ua.edu/service/duo-tutorials/

Stay smart and safe online this holiday season. The IT Service Desk will be closed Dec. 21, 2016, through Jan. 2, 2017. For more information, visit oit.ua.edu/security.

 

OIT adds DUO to UA Faculty and Staff Webmail

Effective Wednesday, Nov. 8, 2017, OIT will add DUO two-factor authentication to OIT-supported faculty and staff Webmail accounts.

If you are an active DUO user with an OIT-supported email address, DUO will be applied to your online UA Exchange Webmail account. Your email will be better protected under the same two-factor authentication that your myBama account currently receives.

When you visit webmail.ua.edu to check email, you will see the standard DUO prompt that you see when logging into myBama. You will follow the same procedure as you typically would when logging into myBama. You can also use the “Remember Me for 30 Days” feature.

If you use a desktop or smart phone mail application (such as Outlook, or your device’s standard Mail App) for your UA Exchange Mail, you will not notice any change. You will be able to use your mailbox as you typically would. This will not impact departmental or shared email accounts accessed through Webmail.

By adding DUO two-factor authentication to Webmail, OIT can better protect UA faculty and staff inboxes from cyberattacks. Please visit oit.ua.edu/duo to see answers to frequently asked questions, and contact the IT Service Desk at 205-348-5555 or itsd@ua.edu with additional questions.

October 26 Student Phishing Attempt

Thursday, October 26, 2017, many UA students received a phishing email with the subject title “Mail Notice”

This is a phishing attempt designed to obtain sensitive user data, like your myBama username and password, and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

Phishing Attempt

October 26 Phishing Attempt

Thursday, October 26, 2017, many UA employees received a phishing email with the subject title “Emergency Notification”

This is a phishing attempt designed to obtain sensitive user data, like your myBama username and password, and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Phishing Attempt